The state of DevSecOps, more AI Risks, and Kubernetes vulnerabilities
Welcome to the February 2026 edition of the Datadog Security Digest!
This month, we've got another set of interesting stories from different corners of the security landscape, including advances in the AI security world on both the offensive and defensive sides. We've also got an interesting story about how apparently read-only access to a Kubernetes cluster allows for command execution.
This newsletter was created by real people, not a machine. Your curator of the month is Rory McCune.
State of DevSecOps
Our latest State of DevSecOps report has been released, showing the ongoing challenges organizations face in managing the security of their development and software operations. A key highlight this time around is the tension between keeping software libraries updated to patch issues, and avoiding supply chain attacks which try to take advantage of those update processes to spread malware.
AI security
Cryptographers show that AI protections will always have holes
Quanta magazine's article explores some recent research into the limitations of filtering LLMs, showing how established cryptographic techniques can be used to bypass filtering systems. This kind of research mirrors a lot of work done on WAFs in the past to show how they can be bypassed by exploiting differences between the protected system and the filtering system.
Opus 4.6 finds more 0-days
As part of the release of Anthropic's Opus 4.6 model, they discuss how newer models are improving in their ability to find security vulnerabilities, with real-world examples of memory corruption bugs found and reported to open source projects. One thing that this research highlights, is the importance of providing agents a way to quickly test their work to get better results.
From magic to malware: How OpenClaw's agent skills become an attack surface
In a great example of how quickly the LLM world moves, the recently formed OpenClaw project (previously known as Moltbot or Clawdbot) has already attracted the attention of attackers who have been exploiting the skills marketplace used by OpenClaw to attack users. This is another example of the risks of uncurated marketplaces attached to popular projects.
Cloud security
AI-assisted cloud intrusion achieves admin access in 8 minutes
This post from Sysdig shows a good example of how LLMs are changing both offensive and defensive security. Whilst a lot of the techniques of attacking cloud environments may stay the same, the speed with which an LLM can explore and exploit an environment has consequences for the speed with which blue teams will need to respond.
Kubernetes Remote Code Execution Via Nodes/Proxy GET Permission
In this research, Graham explores how a Kubernetes permission that might be expected to be read-only (the GET permission on node/proxy resources) actually enables code execution on containers running on a Kubernetes node. This vulnerability can be mitigated on newer versions of Kubernetes (1.33+) using fine-grained Kubelet permissions.
Supply chain security
Supply chain risks from LLM hallucinations and squatting attacks
An article from Aikido Security highlights some of the risks of using third-party package repositories and dependencies. Showing that LLMs continue to recommend non-existent packages and that these recommendations can even make their way into project documentation that's consumed by more LLM agents shows how this could be an escalating problem.
Attackers are likely to take advantage of these weaknesses by squatting on common LLM hallucinations, allowing for the spread of malware.
Application security
Six bugs, one pre-auth RCE in a security product
In this in-depth article, Mehmet presents a chain of vulnerabilities that lead to a remote code execution vulnerability in Logpoint's SIEM/SOAR product. The article gives a great illustration of how vulnerabilities can compound in complex systems and the challenges in disclosure and resolution of these vulnerabilities.
Securing customer logins with breach intelligence
Account takeover attacks are a fact of life for most internet-facing services, with attackers using stolen credentials to try and gain access to sensitive data. This article shows how Datadog is responding to those kinds of attacks to design an automated defensive system for our own applications, which combines protection of users with maintaining system performance.
Community events and talks
RSA Conference
Our own Kennedy Toomey will be presenting at RSA this year on the topic of CVSS scoring and where the scores don't always meet with reality.
BSides San Francisco
Kennedy Toomey, Julie Agnes-Sparks, and Christine Le will be speaking at BSides San Francisco on March 21 and 22. Kennedy will be focusing on supply chain security, while Julie looks at attack campaigns, and Christine talks about threat hunting and detection.
Insomnihack
Christophe Tafani-Dereeper will be presenting on npm supply chain attacks at this year's Insomnihack on Friday, March 20.
Kubecon EU
Rory McCune will be presenting in the security track of this year's Kubecon EU in Amsterdam on March 24. He'll be looking at what LLMs do and don't know about Kubernetes security.